[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#47670] [PATCH 0/2] Add updater for packages hosted as SourceHut Git
[bug#47670] [PATCH 0/2] Add updater for packages hosted as SourceHut Git repositories
Tue, 27 Jul 2021 12:19:46 +0200
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
Replying to an old message…
Xinglu Chen <email@example.com> skribis:
> On Sun, Jun 06 2021, Ludovic Courtès wrote:
>>> Umm, the 'upstream-source-compiler' uses 'url-fetch' to fetch the url, I
>>> guess we would have to make it support Git repositories first.
>> Yes, that’s a limitation of (guix upstream) right now.
>> ‘%method-updates’ was a first step in the direction of supporting Git
> One of the problems with adding support for Git repos in (guix upstream)
> was that Libgit2 (and by extension Guile-Git) doesn’t provide an API for
> verifying tags, the I only way I know of is to run ‘git verify-tag’ in
> the shell. There is a ‘git_commit_extract_signature’ API, but it only
> for individual commits, and since the majority of people don’t sign
> their commits it means that a most of the time its not going to be able
> to verify the checkout.
The (guix git-authenticate) commit has code that retrieves the OpenPGP
signature and checks it. It can serve as inspiration.
>> Now, I agree with Léo that (1) this is not SourceHut-specific, and (2)
>> it should not download generated archives.
>> Also, I’d prefer to have the code rely on Guile-Git to list tags rather
>> than invoking ‘git’, if possible.
> Libgit2 has a ‘git_tag_list’ API, though it doesn’t seem like Guile-Git
> supports it.
Ah, we could add it.
>> Perhaps that code could leave in its own (guix import git) module or
>> similar, rather than in (guix gnu-maintenance), which already has
>> little to do with GNU maintenance at this point. :-)
> Yeah, I think that’s a good idea :)
|[Prev in Thread]
||[Next in Thread]|
- [bug#47670] [PATCH 0/2] Add updater for packages hosted as SourceHut Git repositories,
Ludovic Courtès <=